Bug #54453

Http request does not handle X-Forwarded-Proto headers consistently

Added by Bastian Waidelich almost 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Should have
Category:
Http
Target version:
-
Start date:
2013-12-16
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

The Http\Request currently only checks the X-Forwarded-Proto header in isSecure(). But it fails to verify it correctly and it ignores the header when fetching the URI from the current request:
Given:

GET http://acme.com:8080 HTTP/1.1
X-Forwarded-Proto: https
X-Forwarded-Port: 443

(string)$currentHttpRequest->getUri();

EXPECTED: https://acme.com
ACTUAL: http://acme.com:8080

#1

Updated by Gerrit Code Review almost 8 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/26450

#2

Updated by Bastian Waidelich almost 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#3

Updated by Gerrit Code Review almost 8 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 2.1 of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/26868

#4

Updated by Bastian Waidelich over 7 years ago

  • Status changed from Under Review to Resolved

Also available in: Atom PDF